CVE-2021-25329

{"id": "CVE-2021-25329", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.4, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}]}, "published": "2021-03-01T12:15:14.280", "references": [{"url": "http://www.openwall.com/lists/oss-security/2021/03/01/2", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77%40%3Cusers.tomcat.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r732b2ca289dc02df2de820e8775559abd6c207f159e39f559547a085%40%3Cusers.tomcat.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc%40%3Cusers.tomcat.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f%40%3Cusers.tomcat.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3Cdev.tomcat.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E", "tags": ["Mailing List", "Vendor Advisory"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cdev.tomcat.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cusers.tomcat.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://security.gentoo.org/glsa/202208-34", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://security.netapp.com/advisory/ntap-20210409-0002/", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.debian.org/security/2021/dsa-4891", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.oracle.com//security-alerts/cpujul2021.html", "tags": ["Patch", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.oracle.com/security-alerts/cpujan2022.html", "tags": ["Patch", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "tags": ["Patch", "Third Party Advisory"], "source": "security@apache.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue."}, {"lang": "es", "value": "La correcci\u00f3n para el CVE-2020-9484 estaba incompleta. Cuando se usa Apache Tomcat versiones 10.0.0-M1 hasta 10.0.0, versiones 9.0.0.M1 hasta 9.0.41, versiones 8.5.0 hasta 8.5.61 o versiones 7.0.0. hasta 7.0.107, con un caso de borde de configuraci\u00f3n que era muy poco probable que se usara, la instancia de Tomcat segu\u00eda siendo vulnerable a CVE-2020-9494. Tome en cuenta que tanto los requisitos previos publicados anteriormente para CVE-2020-9484 como las mitigaciones publicadas anteriormente para CVE-2020-9484 tambi\u00e9n se aplican a este problema"}], "lastModified": "2023-11-07T03:31:27.577", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E998F73-DAF4-46E6-A766-EEA9FE9ABA5A", "versionEndIncluding": "7.0.107", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4ABB491-6750-457E-B5A4-67C1146CB15F", "versionEndIncluding": "8.5.61", "versionStartIncluding": "8.5.0"}, {"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9DFCBAF-1583-4C2F-8776-76F4DCB582B5", "versionEndIncluding": "9.0.41", "versionStartIncluding": "9.0.0"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D0689FE-4BC0-4F53-8C79-34B21F9B86C2"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89B129B2-FB6F-4EF9-BF12-E589A87996CF"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B6787B6-54A8-475E-BA1C-AB99334B2535"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EABB6FBC-7486-44D5-A6AD-FFF1D3F677E1"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E10C03BC-EE6B-45B2-83AE-9E8DFB58D7DB"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A6DA0BE-908C-4DA8-A191-A0113235E99A"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39029C72-28B4-46A4-BFF5-EC822CFB2A4C"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A2E05A3-014F-4C4D-81E5-88E725FBD6AD"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "166C533C-0833-41D5-99B6-17A4FAB3CAF0"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3768C60-21FA-4B92-B98C-C3A2602D1BC4"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DDD510FA-A2E4-4BAF-A0DE-F4E5777E9325"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F542E12-6BA8-4504-A494-DA83E7E19BD5"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2409CC7-6A85-4A66-A457-0D62B9895DC1"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B392A7E5-4455-4B1C-8FAC-AE6DDC70689E"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF411DDA-2601-449A-9046-D250419A0E1A"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7D8F2F4-AFE2-47EA-A3FD-79B54324DE02"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B4FBF97-DE16-4E5E-BE19-471E01818D40"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B266B1E-24B5-47EE-A421-E0E3CC0C7471"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29614C3A-6FB3-41C7-B56E-9CC3F45B04F0"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6AB156C-8FF6-4727-AF75-590D0DCB3F9D"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0C5F004-F7D8-45DB-B173-351C50B0EC16"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1902D2E-1896-4D3D-9E1C-3A675255072C"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49AAF4DF-F61D-47A8-8788-A21E317A145D"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "454211D0-60A2-4661-AECA-4C0121413FEB"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0686F977-889F-4960-8E0B-7784B73A7F2D"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "558703AE-DB5E-4DFF-B497-C36694DD7B24"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED6273F2-1165-47A4-8DD7-9E9B2472941B"}, {"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA7CC5E9-3631-4073-84C8-2C12D90686CB"}, {"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90CD7E85-4FF9-4158-AC78-4BFCBC882A65"}, {"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83B9FF07-1B93-4F8C-AC56-7CA74E61B724"}, {"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7EA56B52-1015-40CD-B10C-393768094269"}, {"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "501B0D4A-D636-4736-979B-D5023599CEFB"}, {"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94E7764F-BF9E-463E-B446-A9A8DB92BB97"}, {"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53A9F7EE-AF2A-43E5-B708-0198784AB45A"}, {"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC872C5F-63AF-4BB8-8629-334FC9704AE8"}, {"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94B95C95-DF3E-49C1-9CA0-4474DD7EF7B8"}, {"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "310B0163-01DE-40DA-A2EA-FFA4A6100037"}, {"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75420449-A951-4133-A5F1-4C01F2DF843B"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D14ABF04-E460-4911-9C6C-B7BCEFE68E9D"}, {"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2"}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4479F76A-4B67-41CC-98C7-C76B81050F8E"}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45E5C9B0-AB25-4744-88E4-FD0C4A853001"}, {"criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4A94B36-479F-48F2-9B9E-ACEA2589EF48"}, {"criteria": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "46E7237C-00BD-4490-96C3-A8EAE4CE2C0B"}, {"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC"}, {"criteria": "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "02E34416-E767-4F61-8D2C-0D0202351F91"}, {"criteria": "cpe:2.3:a:oracle:graph_server_and_client:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38532AE4-9C9F-4182-A791-FCD2BE27DEA6", "versionEndExcluding": "21.3.0"}, {"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4"}, {"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4"}, {"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F69B9A5-F21B-4904-9F27-95C0F7A628E3"}, {"criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2E3E923-E2AD-400D-A618-26ADF7F841A2"}, {"criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9AB58D27-37F2-4A32-B786-3490024290A1"}, {"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F48F2267-61EA-4F12-ADE9-85CB6F6B290E", "versionEndIncluding": "8.0.23"}, {"criteria": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2B15024-E757-443B-8424-BBF0A28C3753", "versionEndExcluding": "21.9"}, {"criteria": "cpe:2.3:a:oracle:siebel_ui_framework:21.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1E0A69B-9039-4405-8E87-928DB998E6EB"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}